VYPR

apk package

chainguard/py3.12-diffusers-cuda-13.0

pkg:apk/chainguard/py3.12-diffusers-cuda-13.0

Vulnerabilities (2)

  • CVE-2026-45804higMay 20, 2026
    affected < 0.38.0-r0fixed 0.38.0-r0

    ## Background This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a `trust

  • CVE-2026-44513HigMay 14, 2026
    affected < 0.38.0-r0fixed 0.38.0-r0

    Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulner